Switching from SQL Server authentication to Windows authentication

In a fresh installation, you can choose the Windows Authentication option to use the Windows authentication mechanism for the Microsoft SQL Server database user.     

In case of upgrade, if you are using SQL Server authentication in your existing installation, and you want to switch to Windows authentication for enhanced security, you need to update the following service and files after upgrade:

• BCA-Networks Web Server service
• database.properties file
• BcanInstalledConfiguration.xml file
• catalina.properties file (required only if you are using local authentication)

This topic provides instructions for switching to Windows authentication.

• Before you begin
• To update the authentication mechanism in the BCA-Networks Web Server service
• To update the authentication mechanism in the database.properties file
• To update the authentication mechanism in the BcanInstalledConfiguration.xml file
• To update the authentication mechanism in the catalina.properties file
• After you update the files and service
• Related topic

Before you begin

Before you start switching, ensure that the following prerequisites are met:

• You must log on to the TrueSight Network Automation application server with the Windows user account that you want to use for the authentication mechanism.
• Ensure that the new Windows database user is the owner of the database used by TrueSight Network Automation. 

To update the authentication mechanism in the BCA-Networks Web Server service

1. Log on to the TrueSight Network Automation application server as an Administrator.
2. From the Control Panel, navigate to Administrative Tools > Services.
3. Double-click the BCA-Networks Web Server service and click the Log On tab.
4. Choose the This Account option.
5. Enter the Windows user name in the following format: domain\userName
6. Enter and confirm the database password.
7. Click Apply and then click OK.

To update the authentication mechanism in the database.properties file

1. Log on to the TrueSight Network Automation server as an Administrator.
2. Generate an encrypted password:

   1. Run the BcanMaintenanceTool utility:

      BCAN_HOME\utility\BcanMaintenanceTool.cmd

   2. On the Encrypt tab, enter the password in the Password and Confirm Password fields.
   3. Select Encrypt Product Password from the list.
   4. Click Encrypt.
   5. Copy the encrypted hexadecimal string to the clipboard.
3. Open the BCAN_DATA\database.properties file in a text editor.
4. Update the user name, as follows:
   1. Locate the following property: javax.jdo.option.ConnectionUserName
   2. Replace the user name with the Windows user name in the following format: domain\userName
5. Update the connection URL, as follows:
   1. Locate the following property: javax.jdo.option.ConnectionURL
   2. Append the following to property value: ;integratedSecurity=true
6. Update the connection password, as follows:
   1. Locate the following property: javax.jdo.option.EncryptedConnectionPassword
   2. Paste in the hexadecimal string as the property value that you generated in step 2.
7. Save the file and close the editor.

To update the authentication mechanism in the BcanInstalledConfiguration.xml file

1. Depending on the operating system, log on to the TrueSight Network Automation server as an Administrator or root.
2. Generate an encrypted password:

   1. Run the BcanMaintenanceTool utility:

      BCAN_HOME\utility\BcanMaintenanceTool.cmd

   2. On the Encrypt tab, enter the password in the Password and Confirm Password fields.
   3. Select Encrypt Silent Install Configuration File Password from the list.
   4. Click Encrypt.
   5. Copy the encrypted hexadecimal string to the clipboard.
3. Open the TSNAInstallDir\BcanInstalledConfiguration.xml file in a text editor.
4. Update the user name, as follows:
   1. Locate the DATABASE_USER_ID property.
   2. In the property value, replace the user name with the Windows user name in the following format: domain\userName
5. Update the connection URL, as follows:
   1. Locate the DATABASE_URL property.
   2. Append the following to the property value: ;integratedSecurity=true
6. Update the connection password, as follows:
   1. Locate the DATABASE_USER_PASSWORD and DATABASE_USER_CONFIRM_PASSWORD properties.
   2. Paste in the hexadecimal string (generated in step 2) in the value of these properties.

7. Add a new property, MSSQL_WIN_AUTH_SELECTED, after the DATABASE_USER_CONFIRM_PASSWORD property, as follows:

   <property>
     <name>MSSQL_WIN_AUTH_SELECTED</name>
     <value>true</value>
   </property>
8. Save the file and close the editor.

To update the authentication mechanism in the catalina.properties file

1. Log on to the TrueSight Network Automation server as an Administrator.
2. Generate an encrypted password:

   1. Run the BcanMaintenanceTool utility:

      BCAN_HOME\utility\BcanMaintenanceTool.cmd

   2. On the Encrypt tab, enter the password in the Password and Confirm Password fields.
   3. Select Encrypt Product Password from the list.
   4. Click Encrypt.
   5. Copy the encrypted hexadecimal string to the clipboard.
3. Open the TSNAInstallDir\catalina.peroperties file in a text editor.
4. Update the connection URL, as follows:
   1. Locate the following property: bna.jdbcRealm.connectionURL
   2. Append the following to the property value: ;integratedSecurity=true
5. Update the user name, as follows:
   1. Locate the following property: bna.jdbcRealm.connectionUsername
   2. In the property value, replace the user name with the Windows user name in the following format: domain\userName
6. Update the connection password, as follows:
   1. Locate the following property: bna.jdbcRealm.connectionPassword
   2. Replace the hexadecimal string with the encrypted password that you generated in step 2.
7. Save the file and close the editor.

After you update the files and service

After you change the service and files, restart the BCA-Networks Web Server service.

Related topic

Installing-the-application-server-on-Windows